1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 7 out of 8 pages
Viewing questions 61-70 out of questions
Questions # 61:

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?

Options:
A.

CMD filed

B.

802.1Q filed

C.

Payload

D.

802.1 AE header

Expert Solution
Questions # 62:

Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

Options:
A.

endpoint marked as lost in My Devices Portal

B.

addition of endpoint to My Devices Portal

C.

endpoint profile transition from Apple-Device to Apple-iPhone

D.

endpoint profile transition from Unknown to Windows 10-Workstation

E.

updating of endpoint dACL.

Expert Solution
Questions # 63:

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address ?

Options:
A.

MAC_OUI_STARTSWITH_

B.

CDP_cdpCacheDevicelD_CONTAINS_

C.

MAC_MACAddress_CONTAINS_

D.

Radius Called Station-ID STARTSWITH

Expert Solution
Questions # 64:

An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?

Options:
A.

The Guest Flow condition is not in the line that gives access to the quest portal

B.

The Network_Access_Authentication_Passed condition will not work with guest services for portal access.

C.

The Permit Access result is not set to restricted access in its policy line

D.

The Guest Portal and Guest Access policy lines are in the wrong order

Expert Solution
Questions # 65:

What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

Options:
A.

SNMP version

B.

shared secret

C.

certificate

D.

profile

Expert Solution
Questions # 66:

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)

Options:
A.

minimum password length

B.

active username limit

C.

access code control

D.

gpassword expiration period

E.

username expiration date

Expert Solution
Questions # 67:

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

Options:
A.

hotspot guest portal

B.

device registration WebAuth

C.

central WebAuth

D.

local WebAuth

E.

self-registered guest portal

Expert Solution
Questions # 68:

Refer to the exhibit.

Question # 68

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

Options:
A.

The IT training rule is taking precedence over the IT Admins rule.

B.

The authorization conditions wrongly allow IT Admins group no access to finance devices.

C.

The finance location is not a condition in the policy set.

D.

The authorization policy doesn't correctly grant them access to the finance devices.

Expert Solution
Questions # 69:

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Options:
A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Expert Solution
Questions # 70:

What is a requirement for Feed Service to work?

Options:
A.

TCP port 3080 must be opened between Cisco ISE and the feed server

B.

Cisco ISE has a base license.

C.

Cisco ISE has access to an internal server to download feed update

D.

Cisco ISE has Internet access to download feed update

Expert Solution
Viewing page 7 out of 8 pages
Viewing questions 61-70 out of questions